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WHAT IS CLAIMED IS: 



3. 



4. 



A secure processing unit, the secure processing unit including: 
an internal memory unit; 



processor; 



detection and response logic; 




an interface! to external systems or components; 

one or more buses for connecting the internal memory unit, the processor, the 
tamper detectioni^nd response logic, and the interface to external systems and 
components; and 

a tamper-resistant housi^ 

2. A secure processing unit as in claim 1, in which the internal memory unit includes: 

secure random access memory; 

secure non- volatile memory; 



secure read-only memory. 

A secure processing unit as in claim 2, in which the secure non-volatile memory is 
powered by a battery. 

A secure processing unit as in claim 3, in which the secure non- volatile memory 
contains at least one cryptographic key. 

A secure processing unit as in claim 1, in which the internal memory unit includes a 
unique identifier for the secure processing unit, a private cryptographic key, a public 
cryptographic key, and a cryptographic certificate linking the unique identifier and 
the public cryptographic key. 
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1, in which the processor includes: 



a memory man; 

a plurality of processor securityrfcgislgrs. 

A secure processing unit as in claim 6, including: 

access c^hfeQl data, the access control data being operable to indicate whether 
access to predefinetNa^mory regions is restricted to certain software components 
or processor modes. 

A secure processing unit as in claim 7, in which the access control data are stored in a 
critical address register, the critical address register comprising one of the processor 
security registers. 

A secure processing unit as in claim 6, thesecure processing unit further including a 
tev^l-one page table, the level-one page tab^J including a plurality of level-one page 
table erifrks, wherein the level-one page table entries each correspond to at least one 
level-two page ta&te^^nd wherein the leve^qie page table entries each contain a 
predefined attribute, the pr&tefoied attribute being operable to indicate to the memory 
management unit whether entries li^^Qorresponding level-two page table may 
designate certain predefined memory regions 

A secure processing unit as in claim 9, whereby level-two page tables that may not 
designate the predefined memory regions are not stored in the internal memory unit. 




An information appliance, the information appliance comprising: 
a memb^ unit; 

a secure processing unit, the secure processing unit including: 
a tamper re^tant packaging; 
tamper detectionsand response logic; 
a secure memory uni^ 
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a processing unit, including a memory management unit and a plurality of 
;essor security registers; 

a bus for connecting the memory unit and the secure processing unit; 

wherein the secure proce^mg unit is operable to perform both secure processing 
operations and at least some pi^cessing operations performed by a conventional 
information appliance processing 

An information appliance as in claim 1 1, in which the information appliance is 
selected from the group comprising: a television set-top box, a portable audio player, 
a portable video player, a cellular telephone, a personal computer, and a workstation. 

An information appliance as in claim 1 1, in which the secure processing unit is the 
information appliance's primary processing unit. 

An information appliance as in claim 1 1, in which the secure processing unit is the 
information appliance's only processing unit. 

An information appliance as in claim 1 1, in which the secure processing unit 
includes: 

a critical address register, the critical address register containing a plurality of 
access control bits, the access control bits being operable to indicate whether 
access to associated memory regions is restricted to predefined software 
components or processor modes. 

An information appliance as in claim 15, in which the critical address register 
comprises one of the processor security registers. 



formation appliance as in claim4 1, farther including: 




a level-one page4^ble and a plutali^dCievel-two page tables, the level-one page 
table including a plurahtj^ollevel-one page table entries and the level-two page 
table including a plurality of level-t^Chft^e table entries, wherein the level-one 
page table entries each correspond to at least onfe4€^el-two page table, and 
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wheremti^leyel-one page tabl€arMes each contain a predefined attribute, the 
predefined attribifte4jeing op^bkr to indicate to the memory management unit 
whether a corresponding le^el^wo page table may designate certain predefined 
memory regions. 

"^irinfQgnation appliance as in claim 17, in which level-two page tables that may not 
designate the pf5defiQedmemory regions are stored in the memory unit, and wherein 
the level-one page table anTSl^tevel^wo page tables that may designate the 
predefined memory regions are stored in m^ssQurememory unit. 

In a system including a secure processing unit, the secure processing unit comprising 
an internal memory unit and a processor, and the processor including a memory 
management unit and a plurality of processor security registers, a method for 
controlling access to the internal memory unit, the method comprising: 

(a) obtaining a request to access a portion of memory in the internal memory 
unit; 

(b) checking critical address protection data stored in at least one of said 
processor security registers to determine whether the portion of memory is 
subject to critical access protection; 

(c) granting the request if the portion of memory is not subject to critical 
access protection. 

A method as in claim 19, further including: 

(b) (1) determining whether the processor is operating in a predefined mode; 

(c) (1) granting the request if the processor is operating in the predefined mode. 
A method as in claim 20, in which the predefined mode is a supervisor mode. 
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